Maintained by: NLnet Labs

[Unbound-users] unbound-control access control

Wouter Wijngaards
Mon Nov 24 12:13:29 CET 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Dmitriy,

Dmitriy Demidov schreef:
> Hi Wouter.
> 
> I can see you correction in the trunk repository - thanks. 
> 
> But I have to warn you about one extra problem.  If make a chmod/chown changes 
> corresponding to this new unbound-control-setup.sh:
> then, during system restarting, unbound do not starts automaticaly and I can 
> see this error messages insight of unbound.log:
> [1227454036] unbound[1035:0] error: Error setting up SSL_CTX key and cert 
> crypto error:0200100D:system library:fopen:Permission denied
> So... It may be only FreeBSD specific situation or may be not - I can not 
> investigate this issue more detailed.

Yeah you're right. I have added documentation, recommending to do sudo
- -u unbound unbound-control-setup.  It probably won't set group to wheel
on FreeBSD, but the trouble is this stuff is very distribution specific.

> Anyway - hope this report will be helpfull...

Yes, I added documentation, that is going to help operators figure out
what they need to do (check user permissions).

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJKoxZkDLqNwOhpPgRAg8hAJ9T7w4+yA3QvRXs7cft2Q1ifFZ5NwCgt3mo
L+n/AH4sOooOiNfgoctWhgU=
=5hIe
-----END PGP SIGNATURE-----